Method and arrangement for managing security reconfiguration in a cellular communication system

ABSTRACT

Methods are discussed of managing security reconfiguration and cell update procedures in a user equipment and in a node in a cellular communication system and a user equipment and a node in the cellular communication system. Methods in the user equipment may include detecting a cell update trigger event, and aborting any ongoing security reconfiguration procedure in the user equipment in response to the detected cell update trigger event. Subsequently, a security status indication in response to the aborted security reconfiguration may be provided, and a cell update message and the provided security status indication may be jointly transmitted to a node.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a 35 U.S.C. §371 national stage application of PCTInternational Application No. PCT/EP2010/058294, filed on 14 Jun. 2010,which itself claims priority to U.S. Provisional Patent Application No.61/298,934, filed 28 Jan. 2010, the disclosures and contents of both ofwhich are incorporated by reference herein in their entireties. Theabove-referenced PCT International Application was published in theEnglish language as International Publication No. WO 2011/091865 A1 on 4Aug. 2011.

TECHNICAL FIELD

The present invention relates to telecommunication systems in generaland specifically to management of security reconfigurations in suchsystems.

BACKGROUND

For all telecommunication systems, there is a variety of reconfigurationprocedures present. These procedures can be divided into two maingroups, based on the nature of the parameters to be reconfigured, namelysoft and physical reconfigurations. Physical reconfigurations deal withreconfigurations of a physical nature, such as radio bearerreconfiguration, transport channel reconfiguration, physical channelreconfiguration. Soft reconfigurations deal with non-physicalreconfigurations, such as for example security parameterreconfiguration. For a typical scenario of 3GPP specifications, thesetwo types of reconfigurations are treated somewhat different andconsequently suffer from different and separate problems.

The present disclosure will focus on soft reconfigurations, inparticular security reconfigurations in relation to 3 GPP specificationsTS 25.331 V8.7.0 section 8.1.12.4b, “Cell Update Procedure DuringSecurity Reconfiguration”. One area of improvement concerns the case ofdropped calls due to a mismatch of security configurations between thenetwork and a user terminal such as a mobile phone, as a consequence ofcell reselection procedure during the security reconfiguration.

For connected 3G users in the so called CELL_FACH state or mode tryingto set up a multi-RAB speech call, call drop occurs if a Cell-Updatecell reselection procedure coincides with the Security Mode procedure.To further clarify, the CELL_FACH state or mode is one of the radioresource control connected modes or states of operation. As such, for auser equipment in the CELL_FACH state the following is applicable.

-   -   No dedicated physical channel is allocated to the UE.    -   The UE continuously monitors a FACH in the downlink.    -   The UE is assigned a default common or shared transport channel        in the uplink (e.g. RACH) that it can use anytime according to        the access procedure for that transport channel.    -   The position of the UE is known by UTRAN on cell level according        to the cell where the UE last made a cell update.

It should be noted that Security Mode procedure includes negotiatingwhich ciphering and integrity protection scheme the concerned partiese.g. user equipment and network node are to use for communication. Amismatch or misalignment of security configuration between two partiese.g. user terminal and a network, will ultimately lead to a dropped callsince the parties are unable to communicate with each other.

During UE mobility, two such scenarios are possible:

-   -   1) Security Reconfiguration during Cell Update procedures, i.e.        Security Mode Command is received in a user equipment (UE) from        a network just after a Cell Update message is sent from the UE        to the network.    -   2) Cell Update procedure during Security Reconfiguration, i.e. a        Cell Update message is sent from the UE while the Security Mode        procedure is still ongoing.

Prior art, as represented by 3GPP specification TS 25.331 V8.7.0,section 8.1.12.4b, “Cell update procedure during securityreconfiguration,” section 8.1.12.2.2, “Integrity protectionconfiguration change,” and section 8.3.1.9b, “Security reconfigurationduring Cell update procedure,” describe how a user equipment UE ormobile and network should handle these two cases; however, there is roomfor improvement to further reduce the risk of calls being dropped as aresult of 3GPP specification limitations.

In general, all above mentioned problems are related to misalignment ormismatch in security (ciphering/integrity) settings when an ongoingSecurity Mode procedure is aborted, primarily due to Cell Updatecell-reselection. If both UE and radio network controller (RNC) abortthe security reconfiguration or if neither aborts, a network solutioncould easily handle this case. However, due to different race conditionsoccurring between cell update and security mode procedures, UE may abortreconfiguration but not the RNC, and vice versa. The result is anIntegrity Protection (and/or ciphering) misalignment resulting in calldrop.

With reference to FIG. 1, known Security Mode procedures from the UEpoint of view will be described. Within the time span designated “A”, itis clear from the 3GPP specification TS 25.331 V8.7.0 section 8.1.12.4b,“Cell Update Procedure During Security Reconfiguration” that the UEshall abort the ongoing security mode procedure if a Cell Update needsto be sent. This Cell Update can be triggered by any of the followingscenarios:

a) re-selection to a new cell

b) re-entering service area

c) periodical cell-update

d) to inform the network of a UE failure (“physical channel failure” or“RLC unrecoverable error”)

For the present disclosure, the case of a user equipment aborting anongoing security reconfiguration procedure due to reselection to a newcell will be exploited.

When it comes to the time span designated “B” above, 3GPP specificationsare somewhat unclear and also limited regarding UE securityconfiguration behavior. If a CellUpdate message is sent during thesecurity procedure, after securityModeComplete, but before the L2ACKreceived, then as above, the UE shall abort the ongoing Security Modeprocedure (3GPP specification TS 25.331 V8.7.0 section 8.1.12.4b, “CellUpdate Procedure During Security Reconfiguration”) with special handlingfor integrity parameter COUNT-I. Some other vague guidance is given by astatement targeting the RNC [2] (3GPP specification TS 25.331 V8.7.0section 8.1.12.2.2, “Integrity protection configuration change”), inwhich it is stated that the network (NW) should be aware that the UE“may” abort the security procedure.

Aborting the security procedure in the UE at this point however is notfavorable, since the UE has just acknowledged to the RNC (in SecurityMode Complete message) that the security reconfiguration is alreadyperformed even though the security reconfiguration is not yet fullyapplied in the UE until the L2ACK for securityModeComplete is receivedfrom the RNC (i.e. it is a grey area limitation in the prior art asrepresented by 3GPP specification TS 25.331 V8.7.0 section 8.1.12.4b,“Cell Update Procedure During Security Reconfiguration”).

If the UE aborts the security reconfiguration after RNC has received theSecurity Mode Complete, the new security reconfiguration will be appliedby the RNC. Hence there is a security mismatch, leading to call drop (asevidenced from live network analysis). The dropped call is due to thefact that the UE and the network at this point in time are usingdifferent security configurations and are unable to communicate.

SUMMARY

The present invention relates to methods and arrangements for improvedsecurity reconfiguration management in a cellular communication system.It is the object of the present invention to reduce the risk of droppedcalls due to cell update procedures.

In a method of managing security reconfiguration and cell updateprocedures in a user equipment in a cellular communication system thefollowing procedure is performed. A user equipment receives a securityreconfiguration request from a node, and subsequently initiates andconfirms the requested security reconfiguration to the node. At somepoint in time before node acknowledgement received, the user equipmentdetects a cell update trigger and aborts the already confirmed securityreconfiguration in response to the detected cell update trigger.Subsequently, the user equipment provides a security status indicationin response to the aborted security reconfiguration, then jointlytransmits, to the node, a cell update message and the provided securitystatus indication informing about the previously confirmed securityreconfiguration being aborted.

By these features, a mismatch between the security configurationsbetween a UE and a node in the cellular communication system is avoided.As a result, the call drop rate is reduced and the call setup rate canbe improved.

According to a further aspect of the present invention, an embodiment ofa user equipment in a cellular communication system includes means fordetecting a cell update trigger event, and means for aborting anyongoing security reconfiguration procedure in the user equipment inresponse to the detected cell update trigger event. In addition, theuser equipment includes means for providing a security status indicationin response to the aborted security reconfiguration, and means forjointly transmitting a cell update message and the provided securitystatus indication to a node.

According to yet a further aspect, an embodiment of a method of managingsecurity reconfiguration and cell update procedures in a node in acellular communication system according to the present inventionincludes the steps of transmitting a security reconfiguration request toa user equipment, and receiving a security reconfiguration confirmation.The node acknowledges and performs the confirmed securityreconfiguration. Subsequently, the node jointly receives a cell updatemessage and a security status indication informing about the confirmedsecurity reconfiguration being aborted in the user equipment. Finally,the node manages the requested security reconfiguration based on thereceived security status indication.

According to an additional aspect, an embodiment of a node in a cellularcommunication system includes means for transmitting a securityreconfiguration request to a user equipment, and means for receiving asecurity reconfiguration confirmation. In addition, the node includesmeans for acknowledging and performing the confirmed securityreconfiguration, and means for jointly receiving a cell update messageand a security status indication informing about the confirmed securityreconfiguration being aborted in the user equipment. Finally, the nodeincludes means for managing the requested security reconfiguration basedon the received security status indication.

The present invention, furthermore, coordinates advantageously cellupdate and security reconfiguration procedures and overcomes 3GPPspecification limitations as already described.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention, together with further objects and advantages thereof, maybest be understood by referring to the following description takentogether with the accompanying drawings, in which:

FIG. 1 is a schematic illustration of the known signaling during asecurity reconfiguration procedure in a user equipment;

FIG. 2 is a schematic illustration of the known signaling during asecurity reconfiguration and cell update procedure;

FIG. 3 is a schematic illustration of the known signaling during asecurity reconfiguration and cell update procedure;

FIG. 4 is a schematic illustration of an embodiment of a methodaccording to the present invention;

FIG. 5 is a schematic flow diagram of an embodiment of a method in auser equipment according to the present invention;

FIG. 6 is a schematic flow diagram of a further embodiment of a methodin a user equipment according to the present invention;

FIG. 7 is a schematic flow diagram of an embodiment of a method in anetwork node according to the present invention;

FIG. 8 is a schematic illustration of an embodiment of a user equipmentaccording to the present invention;

FIG. 9 is a schematic illustration of an embodiment of a network nodeaccording to the present invention.

ABBREVIATIONS

-   ACK ACKnowledgement-   AM Acknowledgement Mode-   CU Cell Update-   CCCH Common Control Channel-   CR Change Request-   DCCG Dedicated Control Channel-   FACH Forward Access Channel-   IE Information Element-   KPI Key Performance Indicators-   L2 Layer 2-   MP Mandatory present-   OP Optionally Present-   NW NetWork-   RAB Radio Access Bearer-   RIM Research in motion (specific UE vendor)-   RLC Radio Link Control (L2 Protocol)-   RNC Radio Network Controller-   SRB Signalling Radio Bearer-   TM Transparent Mode-   UM Unacknowledged Mode-   3GPP 3^(rd) Generation Partnership Project

DETAILED DESCRIPTION

The present disclosure will be described in the context of a 3GPPsystem; however it is equally applicable to similar systems with asimilar structure.

In order to fully comprehend the benefits of the present invention, amore in-depth description of prior art solutions and their potentialdrawbacks is provided below.

The two previously mentioned main race scenarios observed (duringmulti-RAB speech call from CELL-FACH) that lead to the various droppedcall symptoms are further described below and with reference to FIG. 2and FIG. 3.

In the first race scenario, with reference to FIG. 2, the Cell updatemessage and the security mode command cross over or meet in mid-air.Consequently, the RNC receives the cellUpdate message just afterSecurity Mode Command has been sent, while UE sends the cellUpdatemessage just before the Security Mode Command is received i.e. 3GPPspecifications TS 25.331 V8.7.0 section 8.3.1.9b, “Securityreconfiguration during Cell update procedure”. In FIG. 2 time isrepresented on the vertical axis, increasing from the top down. Thevarious signaling steps of the procedure in FIG. 2 are as follows:

1 Cell Update message sent from UE to RNC

2 Security Mode Command (security reconfiguration request) sent from RNCto UE.

As is clearly seen in FIG. 2, the two signals 1 and 2 meet in mid air.In this case the radio network controller will be made aware of the cellupdate before receiving any confirmation of the requested securityreconfiguration.

In the second race scenario, with reference to FIG. 3, the UE sends theCellUpdate message before receiving a L2 acknowledgement for securitymode complete i.e. 3GPP specifications TS 25.331 V8.7.0 section8.1.12.4b, “Cell update procedure during security reconfiguration”. InFIG. 3, time is represented on the vertical axis, increasing from thetop down.

With reference to FIG. 3, a typical problem solved by embodiments of thepresent invention will be described. The various signaling steps of theprocedure in FIG. 3 are as follows:

1. Security Mode Command

2. L2 ACK for (1)

3. Security Mode Complete

4. L2 ACK for (3)

5. Cell Update

At time instance A the UE selects a new cell, and aborts the ongoingsecurity reconfiguration, and rolls back to the old securityreconfiguration. At time instance B, the RNC activates the new securityconfiguration. Consequently, from time instance B the UE and the RNC areoperating with different security configurations and are unable tomaintain the existing call. In this case, there is a security mismatchsince the UE is on “old” security settings while RNC is now on “new”security settings, and thus ultimately leads to call drop.

Basically, the present invention aims at enabling means and arrangementsfor avoiding a mismatch in security configuration between a network nodeand a user equipment due to the second race scenario above between cellupdate and security reconfiguration procedures.

According to a preferred embodiment of the present invention, the UE isadapted to include a security status indication e.g. information elementin the Cell Update message sent from the UE to the RNC. This IE shouldclearly inform the RNC whether an ongoing security procedure in the UEhas been aborted or not, and so the RNC can easily decide whether it isnecessary also to abort and revert to old security settings or not, ortake other suitable action.

Today, as described previously, it is possible for the UE to abort anongoing security reconfiguration procedure just before the procedurecompletion, in order to send a Cell Update to the RNC. If the RNChowever has already completed this security reconfiguration procedure atthe time of reception of this cell update, then the RNC has no way ofknowing for certain that the preceding security procedure has just beenaborted in the UE. This is currently a limitation in the 3GPPspecifications. The new proposed status indication e.g. informationelement IE can easily overcome the 3GPP limitation.

With reference to FIG. 4, a signaling scheme according to an embodimentof the present invention will be described. In comparison to thesignaling scheme of FIG. 3, all steps up to step 4 are identical. Also,actions taken at time instances A and B are identical. However, in step5 the user equipment provides a security status indication in the cellupdate message. In this embodiment, the security status indication isprovided as an information element IE that is set to TRUE if a securityreconfiguration has been aborted. Consequently, at time instance C theradio network controller receives the security status indication and isinformed that the user equipment has aborted the previously requestedsecurity reconfiguration. In this embodiment the radio networkcontroller proceeds to revert or roll back to the previous securityconfiguration. Thus, the two nodes are once again able to communicateusing the same security configuration. However, it is implied that theradio network controller can take other or additional measures uponreceiving the security status indication.

With reference to FIG. 5, a basic embodiment of a method of managingsecurity reconfiguration and cell update procedures in a user equipmentin a cellular communication system according to the present inventionwill be described. Initially a user equipment detects S30 a cell updatetrigger event.

In response to the detected cell update trigger event, the userequipment aborts S40 any ongoing security reconfiguration procedure. Byaborting the security reconfiguration procedure, the user equipmentreverts to or rolls back to a previous e.g. already existing securityconfiguration. Subsequently, the user equipment provides S50 a securitystatus indication in response to the aborted security reconfiguration.Finally, the security status indication and a cell update message arejointly transmitted S60 to a node in the cellular communication system,typically a radio network controller node or similar control node.

Basically, the cell update message of prior art is amended to include asecurity status indication, such as a boolean information element thatis set to TRUE in case of an ongoing security reconfiguration procedurebeing aborted in the user equipment, and set to FALSE otherwise.

With reference to FIG. 6, a further detailed embodiment of a method ofmanaging security reconfiguration and cell update procedures in a userequipment in a cellular communication system according to the presentinvention will be described. Steps indicated in the previous embodimentare referred to with the same reference numbers.

Initially, the user equipment receives S10 a request for a securityreconfiguration from a node, e.g. radio network controller. The userequipment initiates and confirms S20 the requested securityreconfiguration. At some point in time before node acknowledgmentreceived the user equipment detects S30 a cell update trigger, and isconsequently forced to change or reselect a cell. In response to thedetected cell update trigger, the user equipment aborts S40 the alreadyconfirmed security reconfiguration. The user equipment then provides S50a security status indication in response to the aborted securityreconfiguration. Finally, the user equipment jointly transmits S60, tothe node, a cell update message, and the provided security statusindication informing about the confirmed security reconfiguration beingaborted.

The security status indication is preferably set to a predeterminedvalue in response to an aborted security reconfiguration, according to aparticular embodiment of the invention the status indication is providedas a boolean information element. According to a particular embodiment,the security status indication is set to TRUE only in the case of anaborted security reconfiguration and a cell update message is triggeredto be sent during an ongoing security reconfiguration. Otherwise, thesecurity status indication should be cleared/set to FALSE. The securitystatus indication should not be set in the case where a securityreconfiguration has been aborted but a cell update message is not sentuntil some later time after the completed security procedure.

With reference to FIG. 7, a basic embodiment of a method of managingsecurity reconfigurations and cell update procedures in a node, e.g.radio network controller, in a cellular communication system accordingto the present invention will be described.

At some point in time the node e.g. radio network controller, transmitsS100 a security reconfiguration request to a user equipment. Uponreceiving S200 a confirmation for the security reconfiguration, the nodeacknowledges S300 and performs the security reconfiguration.Subsequently, the radio network controller jointly receives S400 a cellupdate message and a security status indication in the cell updatemessage, the indication informing about the confirmed securityreconfiguration being aborted. Finally, the radio network controllermanages its security configuration based on the received security statusindication. One possible action would be to revert to a previoussecurity configuration in response to the received status indication.Another possible action would be to reattempt the aborted securityreconfiguration. In addition, other actions are possible, under thecondition that the radio network controller recognizes the includedsecurity status indication.

With reference to FIG. 8, a general embodiment of a user equipmentaccording to the present invention will be described. The user equipmentincludes a unit 30 for detecting a cell update trigger event, and a unit40 for aborting any ongoing security reconfiguration procedure in theuser equipment in response to the detected cell update trigger event. Inaddition, the user equipment includes a unit 50 for providing a securitystatus indication in response to the aborted security reconfiguration,and finally a unit for jointly transmitting 60 a cell update message andthe provided security status indication to a node in the communicationsystem.

According to a particular embodiment, also with reference to FIG. 8 (inparticular the dotted boxes), the user equipment further includes a unit10 for receiving a security reconfiguration request from a node, and aunit 20 for initiating and confirming the requested securityreconfiguration;

With reference to FIG. 9, an embodiment of a node according to thepresent invention will be described. The node e.g. radio networkcontroller includes a unit 100 for transmitting a securityreconfiguration request to a user equipment, and a unit 200 forreceiving a security reconfiguration confirmation from the userequipment. In addition, the node includes a unit 300 for acknowledgingand performing the confirmed security reconfiguration, and a unit 400for jointly receiving a cell update message and a security statusindication informing about the previously confirmed securityreconfiguration being aborted. Finally, the node includes a unit 500 formanaging the previously requested security reconfiguration based on thereceived security status indication.

It is understood that the functional parts of the embodiments can beimplemented as hardware e.g. processors within or as software elementse.g. algorithms executable on a computer. It is also understood thatsome parts of the functionality can be provided outside the userequipment and/or node and communicated to the user equipment and nodeusing other means of communication.

Advantages of the Present Invention Include:

The main benefit of the proposed new IE is to overcome the 3GPPlimitations and thus avoid unnecessary dropped calls at securityreconfiguration on CELL_FACH (e.g. typically at speech call setup fromCELL_FACH), hence improved KPIs and thus increased revenue and end-usersatisfaction.

This new “Security Status Indicator” IE ensures there is no securitymismatch between UE and RNC, as the RNC also rolls back to “old”security settings if cellUpdate received from UE with IE=“TRUE”,indicating the UE has aborted security procedure due to cellUpdate cellre-selection. As RNC and UE are using the same “old” security keys afterthe security procedure is aborted, then no abnormal call drop shouldoccur.

In case of any unforeseen scenarios, this IE will allow the network toconsider other alternative corrective actions rather than drop the callas occurs today.

The invention claimed is:
 1. A method of managing securityreconfiguration and cell update procedures in a user equipment in acellular communication system, the method comprising: receiving asecurity reconfiguration request from a node of the cellularcommunication system at the user equipment, wherein the securityreconfiguration request is to request a security reconfiguration for theuser equipment; initiating and confirming a security reconfigurationprocedure responsive to receiving the security reconfiguration requestfrom the node; after receiving the security reconfiguration request andafter initiating and confirming the security reconfiguration procedure,detecting a cell update trigger event; aborting the securityreconfiguration procedure in said user equipment in response todetecting the cell update trigger event without previously receiving asecurity mode complete acknowledge for the security reconfigurationprocedure while the security reconfiguration procedure is ongoing;providing a security status indication at the user equipment in responseto aborting the security reconfiguration procedure; and jointlytransmitting a cell update message and the security status indicationfrom the user equipment to the node of the cellular communication systemwherein the security status indication informs about the securityreconfiguration procedure being aborted in the user equipment.
 2. Themethod according to claim 1, wherein providing the security statusindication comprises setting the security status indication to apredetermined value.
 3. The method according to claim 1, wherein jointlytransmitting the cell update message and said security status indicationcomprises transmitting the cell update message and said security statusindication in a same cell update message.
 4. The method according toclaim 3, wherein the security status indication is provided as a booleaninformation element in the cell update message.
 5. The method of claim 1wherein jointly transmitting the cell update message and the securitystatus indication comprises transmitting the security status indicationas an information element of the cell update message.
 6. The method ofclaim 1 wherein the security reconfiguration procedure comprises asecurity reconfiguration procedure for the user equipment to reconfigurefrom a previous security configuration to a new configuration, andwherein aborting the security reconfiguration procedure comprisesreverting back to the previous security configuration.
 7. The method ofclaim 6 wherein receiving the security reconfiguration request comprisesreceiving a security mode command from the node of the cellularcommunication system, wherein confirming the security reconfigurationprocedure comprises transmitting a security mode complete message to thenode of the cellular communication system, and wherein jointlytransmitting the cell update message and the security status indicationcomprise transmitting the cell update message and the security statusindication in a same cell update message.
 8. The method according toclaim 1 wherein the node in the cellular communication system is a RadioNetwork Controller (RNC).
 9. The method according to claim 1 whereinproviding a security status indication comprises setting the securitystatus indication to a predetermined value at the user equipment inresponse to aborting the security reconfiguration procedure and inresponse to the cell update message being triggered to be sent during anongoing security reconfiguration procedure.
 10. A method of managingsecurity reconfiguration and cell update procedures in a node in acellular communication system, the method comprising: transmitting asecurity reconfiguration request from the node in the cellularcommunication system to a user equipment wherein the securityreconfiguration request is to request a security reconfiguration for theuser equipment; receiving a security reconfiguration confirmation at thenode in the cellular communication system from the user equipment forthe security reconfiguration; acknowledging and performing the securityreconfiguration for the user equipment, wherein acknowledging thesecurity reconfiguration comprises transmitting an acknowledgment forthe security reconfiguration to the user equipment; after transmittingthe acknowledgment for the security reconfiguration to the userequipment, jointly receiving a cell update message and a security statusindication at the node in the cellular communication system from theuser equipment, wherein the security status indication informs about thesecurity reconfiguration being aborted in the user equipment; and aftertransmitting the acknowledgment for the security reconfiguration to theuser equipment, managing the security reconfiguration for the userequipment at the node in the cellular communication system based on thesecurity status indication received from the user equipment wherein thesecurity status indication informs about the security reconfigurationbeing aborted in the user equipment.
 11. The method according to claim10, wherein managing the security reconfiguration comprisesretransmitting the aborted security reconfiguration request from thenode in the cellular communication system to the user equipment inresponse to receiving the security status indication.
 12. The method ofclaim 10 wherein jointly receiving the cell update message and thesecurity status indication comprises receiving the security statusindication as an information element of the cell update message thatinforms about the security reconfiguration being aborted in the userequipment after transmitting the acknowledgment for the securityreconfiguration to the user equipment, and wherein managing the securityreconfiguration comprises managing the security reconfigurationresponsive to receiving the security status indication as theinformation element of the cell update message.
 13. The method of claim10 wherein the security reconfiguration request for the user equipmentcomprises a request to reconfigure from a previous securityconfiguration to a new configuration, and wherein managing the securityreconfiguration comprises reverting to the previous securityconfiguration for the user equipment in response to receiving thesecurity status indication at the node in the cellular communicationsystem from the user equipment.
 14. The method of claim 13 whereintransmitting the security reconfiguration request comprises transmittinga security mode command from the node of the cellular communicationsystem to the user equipment, wherein receiving the securityreconfiguration confirmation comprises receiving a security modecomplete message at the node of the cellular communication system, andwherein jointly receiving the cell update message and the securitystatus indication comprises receiving the cell update message and thesecurity status indication in a same cell update message.
 15. The methodaccording to claim 10, wherein managing the security reconfigurationcomprises reverting to a previous security configuration for the userequipment in response to receiving the security status indication at thenode in the cellular communication system from the user equipment. 16.The method according to claim 10 wherein the node in the cellularcommunication system is a Radio Network Controller (RNC).
 17. The methodaccording to claim 12, wherein managing the security reconfigurationcomprises retransmitting the aborted security reconfiguration requestfrom the node in the cellular communication system to the user equipmentin response to receiving the security status indication as theinformation element of the cell update message after transmitting theacknowledgment for the security reconfiguration to the user equipment.